Update SafeBrowsingPrivateEventRouter for enterprise connectors.

1/ Pipes the access point to the router which will be needed eventually for event cleanup
2/ Removes dependency of the router on the protos directly
3/ Adds overloads for the MaybeReortXXX and ReportXXXBypass functions to accept the new protos.

Bug: 1069068, 1069062
Change-Id: I0fc5e734a665ef88552aebabe5d63f1bb90bb0f5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2229600Reviewed-by: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Dominique Fauteux-Chapleau <domfc@chromium.org>
Commit-Queue: Roger Tawa <rogerta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#779870}

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h

@@ -36,7 +36,8 @@ class DeviceManagementService;
 
 namespace safe_browsing {
 class BinaryUploadService;
-class DlpDeepScanningVerdict;
+enum class DeepScanAccessPoint;
+struct ContentAnalysisScanResult;
 }
 
 #if defined(OS_CHROMEOS)
@@ -70,13 +71,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
   static const char kKeyClickedThrough[];
   static const char kKeyTriggeredRuleId[];
   static const char kKeyTriggeredRuleName[];
-  static const char kKeyTriggeredRuleResourceName[];
-  static const char kKeyTriggeredRuleSeverity[];
   static const char kKeyTriggeredRuleAction[];
-  static const char kKeyMatchedDetectors[];
-  static const char kKeyMatchedDetectorId[];
-  static const char kKeyMatchedDetectorName[];
-  static const char kKeyMatchedDetectorType[];
   static const char kKeyTriggeredRuleInfo[];
   static const char kKeyThreatType[];
   static const char kKeyContentType[];
@@ -91,7 +86,8 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
   static const char kKeyUnscannedFileEvent[];
   static const char kKeyUnscannedReason[];
 
-  // String constants for the "trigger" event field.
+  // String constants for the "trigger" event field.  This corresponds to
+  // an enterprise connector.
   static const char kTriggerFileDownload[];
   static const char kTriggerFileUpload[];
   static const char kTriggerWebContentUpload[];
@@ -126,33 +122,26 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
                                        const std::string& reason,
                                        int net_error_code);
 
-  // Notifies listeners that deep scanning detected a dangerous download.
-  void OnDangerousDeepScanningResult(const GURL& url,
-                                     const std::string& file_name,
-                                     const std::string& download_digest_sha256,
-                                     const std::string& threat_type,
-                                     const std::string& mime_type,
-                                     const std::string& trigger,
-                                     const int64_t content_size);
-
-  // Notifies listeners that scanning for sensitive data detected a violation.
-  void OnSensitiveDataEvent(
-      const safe_browsing::DlpDeepScanningVerdict& verdict,
+  // Notifies listeners that the analysis connector detected a violation.
+  void OnAnalysisConnectorResult(
       const GURL& url,
       const std::string& file_name,
       const std::string& download_digest_sha256,
       const std::string& mime_type,
       const std::string& trigger,
+      safe_browsing::DeepScanAccessPoint access_point,
+      const safe_browsing::ContentAnalysisScanResult& result,
       const int64_t content_size);
 
-  // Notifies listeners that scanning for sensitive data detected a violation.
-  void OnSensitiveDataWarningBypassed(
-      const safe_browsing::DlpDeepScanningVerdict& verdict,
+  // Notifies listeners that an analysis connector violation was bypassed.
+  void OnAnalysisConnectorWarningBypassed(
       const GURL& url,
       const std::string& file_name,
       const std::string& download_digest_sha256,
       const std::string& mime_type,
       const std::string& trigger,
+      safe_browsing::DeepScanAccessPoint access_point,
+      const safe_browsing::ContentAnalysisScanResult& result,
       const int64_t content_size);
 
   // Notifies listeners that deep scanning failed, for the given |reason|.
@@ -161,6 +150,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
                             const std::string& download_digest_sha256,
                             const std::string& mime_type,
                             const std::string& trigger,
+                            safe_browsing::DeepScanAccessPoint access_point,
                             const std::string& reason,
                             const int64_t content_size);
 
@@ -257,6 +247,25 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
   // an empty string if the profile is not signed in.
   std::string GetProfileUserName() const;
 
+  // Notifies listeners that deep scanning detected a dangerous download.
+  void OnDangerousDeepScanningResult(const GURL& url,
+                                     const std::string& file_name,
+                                     const std::string& download_digest_sha256,
+                                     const std::string& threat_type,
+                                     const std::string& mime_type,
+                                     const std::string& trigger,
+                                     const int64_t content_size);
+
+  // Notifies listeners that the analysis connector detected a violation.
+  void OnSensitiveDataEvent(
+      const GURL& url,
+      const std::string& file_name,
+      const std::string& download_digest_sha256,
+      const std::string& mime_type,
+      const std::string& trigger,
+      const safe_browsing::ContentAnalysisScanResult& result,
+      const int64_t content_size);
+
   content::BrowserContext* context_;
   signin::IdentityManager* identity_manager_ = nullptr;
   EventRouter* event_router_ = nullptr;

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc

@@ -18,6 +18,7 @@
 #include "chrome/browser/enterprise/connectors/common.h"
 #include "chrome/browser/enterprise/connectors/connectors_manager.h"
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/api/safe_browsing_private.h"
 #include "chrome/test/base/testing_browser_process.h"
@@ -46,6 +47,7 @@
 
 using ::testing::_;
 using ::testing::Mock;
+using ::testing::Return;
 using ::testing::SaveArg;
 
 namespace extensions {
@@ -187,41 +189,31 @@ class SafeBrowsingPrivateEventRouterTest : public testing::Test {
   }
 
   void TriggerOnSensitiveDataEvent() {
-    safe_browsing::DlpDeepScanningVerdict verdict;
-    verdict.set_status(safe_browsing::DlpDeepScanningVerdict::SUCCESS);
-    safe_browsing::DlpDeepScanningVerdict::TriggeredRule* rule =
-        verdict.add_triggered_rules();
-    rule->set_action(
-        safe_browsing::DlpDeepScanningVerdict::TriggeredRule::BLOCK);
-    rule->set_rule_name("fake rule");
-    rule->set_rule_id(12345);
-    rule->set_rule_resource_name("fake resource name");
-    rule->set_rule_severity("fake severity");
-
-    safe_browsing::DlpDeepScanningVerdict::MatchedDetector* detector =
-        rule->add_matched_detectors();
-    detector->set_detector_id("fake id");
-    detector->set_display_name("fake name");
-    detector->set_detector_type("fake type");
-
-    detector = rule->add_matched_detectors();
-    detector->set_detector_id("fake id2");
-    detector->set_display_name("fake name2");
-    detector->set_detector_type("fake type2");
+    safe_browsing::ContentAnalysisScanResult result;
+    result.tag = "dlp";
+    result.status = 1;
+    safe_browsing::ContentAnalysisTrigger trigger;
+    trigger.action = 3;
+    trigger.name = "fake rule";
+    trigger.id = "12345";
+    result.triggers.push_back(std::move(trigger));
 
     SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->OnSensitiveDataEvent(verdict,
-                               GURL("https://evil.com/sensitive_data.txt"),
-                               "sensitive_data.txt", "sha256_of_data",
-                               "text/plain", "FILE_UPLOAD", 12345);
+        ->OnAnalysisConnectorResult(
+            GURL("https://evil.com/sensitive_data.txt"), "sensitive_data.txt",
+            "sha256_of_data", "text/plain",
+            SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
+            safe_browsing::DeepScanAccessPoint::UPLOAD, result, 12345);
   }
 
   void TriggerOnUnscannedFileEvent() {
     SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->OnUnscannedFileEvent(GURL("https://evil.com/sensitive_data.txt"),
-                               "sensitive_data.txt", "sha256_of_data",
-                               "text/plain", "FILE_DOWNLOAD",
-                               "filePasswordProtected", 12345);
+        ->OnUnscannedFileEvent(
+            GURL("https://evil.com/sensitive_data.txt"), "sensitive_data.txt",
+            "sha256_of_data", "text/plain",
+            SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            safe_browsing::DeepScanAccessPoint::DOWNLOAD,
+            "filePasswordProtected", 12345);
   }
 
   void SetReportingPolicy(bool enabled) {
@@ -726,7 +718,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnSensitiveDataEvent) {
   EXPECT_EQ(
       "sensitive_data.txt",
       *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyFileName));
-  EXPECT_EQ("FILE_UPLOAD",
+  EXPECT_EQ(SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
             *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyTrigger));
 
   base::Value* triggered_rule_info =
@@ -741,27 +733,6 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnSensitiveDataEvent) {
   EXPECT_EQ("fake rule",
             *triggered_rule.FindStringKey(
                 SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleName));
-  EXPECT_EQ("fake resource name",
-            *triggered_rule.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleResourceName));
-  EXPECT_EQ("fake severity",
-            *triggered_rule.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleSeverity));
-
-  base::Value* matched_detectors = triggered_rule.FindKey(
-      SafeBrowsingPrivateEventRouter::kKeyMatchedDetectors);
-  ASSERT_NE(nullptr, matched_detectors);
-  ASSERT_EQ(2u, matched_detectors->GetList().size());
-  base::Value detector = std::move(matched_detectors->GetList()[0]);
-  EXPECT_EQ("fake id",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorId));
-  EXPECT_EQ("fake type",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorType));
-  EXPECT_EQ("fake name",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorName));
 }
 
 TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
@@ -798,7 +769,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
   EXPECT_EQ(
       "sensitive_data.txt",
       *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyFileName));
-  EXPECT_EQ("FILE_DOWNLOAD",
+  EXPECT_EQ(SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
             *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyTrigger));
   EXPECT_EQ("filePasswordProtected",
             *event->FindStringKey(
@@ -816,6 +787,8 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestProfileUsername) {
       ->SetIdentityManagerForTesting(
           identity_test_environment.identity_manager());
 
+  EXPECT_CALL(*client_, UploadRealtimeReport_(_, _)).WillRepeatedly(Return());
+
   // With no primary account, we should not set the username.
   TriggerOnSecurityInterstitialShownEvent();
   base::RunLoop().RunUntilIdle();

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate.cc

@@ -196,12 +196,12 @@ void DeepScanningDialogDelegate::BypassWarnings() {
     for (const base::string16& entry : data_.text)
       content_size += (entry.size() * sizeof(base::char16));
 
-    ReportSensitiveDataWarningBypass(
+    ReportAnalysisConnectorWarningBypass(
         Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
         web_contents_->GetLastCommittedURL(), "Text data", std::string(),
         "text/plain",
         extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-        content_size, text_response_.dlp_scan_verdict());
+        access_point_, content_size, text_response_.dlp_scan_verdict());
   }
 
   // Mark every "warning" file as complying and report a warning bypass.
@@ -209,12 +209,13 @@ void DeepScanningDialogDelegate::BypassWarnings() {
     size_t index = warning.first;
     result_.paths_results[index] = true;
 
-    ReportSensitiveDataWarningBypass(
+    ReportAnalysisConnectorWarningBypass(
         Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
         web_contents_->GetLastCommittedURL(), data_.paths[index].AsUTF8Unsafe(),
         file_info_[index].sha256, file_info_[index].mime_type,
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-        file_info_[index].size, warning.second.dlp_scan_verdict());
+        access_point_, file_info_[index].size,
+        warning.second.dlp_scan_verdict());
   }
 
   RunCallback();
@@ -426,7 +427,7 @@ void DeepScanningDialogDelegate::StringRequestCallback(
       web_contents_->GetLastCommittedURL(), "Text data", std::string(),
       "text/plain",
       extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      content_size, result, response);
+      access_point_, content_size, result, response);
 
   text_request_complete_ = true;
   bool text_complies = ResultShouldAllowDataUse(result, data_.settings) &&
@@ -459,7 +460,7 @@ void DeepScanningDialogDelegate::CompleteFileRequestCallback(
       web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
       file_info_[index].sha256, mime_type,
       extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      file_info_[index].size, result, response);
+      access_point_, file_info_[index].size, result, response);
 
   bool dlp_ok = DlpVerdictAllowsDataUse(response.dlp_scan_verdict());
   bool malware_ok = true;

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate_browsertest.cc

@@ -408,7 +408,7 @@ IN_PROC_BROWSER_TEST_P(DeepScanningDialogDelegateSimpleBrowserTest, Texts) {
       // The hash should not be included for string requests.
       /*sha*/ "",
       /*trigger*/ SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      /*dlp_verdict*/ response.dlp_scan_verdict(),
+      /*dlp_verdict*/ SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
       /*mimetype*/ TextMimeTypes(),
       /*size*/ 20);
 
@@ -822,7 +822,7 @@ IN_PROC_BROWSER_TEST_P(DeepScanningDialogDelegateDelayDeliveryUntilVerdictTest,
       /*threat_type*/ "DANGEROUS",
       /*trigger*/
       extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      /*dlp_verdict*/ response.dlp_scan_verdict(),
+      /*dlp_verdict*/ SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
       /*mimetypes*/ DocMimeTypes(),
       /*size*/ std::string("foo content").size());
 

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.cc

@@ -4,6 +4,7 @@
 
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h"
 
+#include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/enterprise/connectors/common.h"
@@ -186,7 +187,7 @@ void EventReportValidator::ExpectSensitiveDataEvent(
     const std::string& expected_filename,
     const std::string& expected_sha256,
     const std::string& expected_trigger,
-    const DlpDeepScanningVerdict& expected_dlp_verdict,
+    const ContentAnalysisScanResult& expected_dlp_verdict,
     const std::set<std::string>* expected_mimetypes,
     int expected_content_size) {
   event_key_ = SafeBrowsingPrivateEventRouter::kKeySensitiveDataEvent;
@@ -214,7 +215,7 @@ void EventReportValidator::
         const std::string& expected_sha256,
         const std::string& expected_threat_type,
         const std::string& expected_trigger,
-        const DlpDeepScanningVerdict& expected_dlp_verdict,
+        const ContentAnalysisScanResult& expected_dlp_verdict,
         const std::set<std::string>* expected_mimetypes,
         int expected_content_size) {
   event_key_ = SafeBrowsingPrivateEventRouter::kKeyDangerousDownloadEvent;
@@ -271,7 +272,6 @@ void EventReportValidator::ValidateReport(base::Value* report) {
                 content_size_);
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyThreatType,
                 threat_type_);
-  ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyReason, reason_);
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyUnscannedReason,
                 unscanned_reason_);
   ValidateMimeType(event);
@@ -298,54 +298,26 @@ void EventReportValidator::ValidateDlpVerdict(base::Value* value) {
   ASSERT_NE(nullptr, triggered_rules);
   ASSERT_EQ(base::Value::Type::LIST, triggered_rules->type());
   base::Value::ListView rules_list = triggered_rules->GetList();
-  int rules_size = rules_list.size();
-  ASSERT_EQ(rules_size, dlp_verdict_.value().triggered_rules_size());
-  for (int i = 0; i < rules_size; ++i) {
+  size_t rules_size = rules_list.size();
+  ASSERT_EQ(rules_size, dlp_verdict_.value().triggers.size());
+  for (size_t i = 0; i < rules_size; ++i) {
     base::Value* rule = &rules_list[i];
     ASSERT_EQ(base::Value::Type::DICTIONARY, rule->type());
-    ValidateDlpRule(rule, dlp_verdict_.value().triggered_rules(i));
+    ValidateDlpRule(rule, dlp_verdict_.value().triggers[i]);
   }
 }
 
 void EventReportValidator::ValidateDlpRule(
     base::Value* value,
-    const DlpDeepScanningVerdict::TriggeredRule& expected_rule) {
+    const ContentAnalysisTrigger& expected_rule) {
   ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleAction,
-                base::Optional<int>(expected_rule.action()));
+                base::Optional<int>(expected_rule.action));
   ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleName,
-                expected_rule.rule_name());
+                expected_rule.name);
+  int64_t rule_id;
+  ASSERT_TRUE(base::StringToInt64(expected_rule.id, &rule_id));
   ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleId,
-                base::Optional<int>(expected_rule.rule_id()));
-  ValidateField(value,
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleSeverity,
-                expected_rule.rule_severity());
-  ValidateField(value,
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleResourceName,
-                expected_rule.rule_resource_name());
-
-  base::Value* matched_detectors =
-      value->FindListKey(SafeBrowsingPrivateEventRouter::kKeyMatchedDetectors);
-  ASSERT_NE(nullptr, matched_detectors);
-  ASSERT_EQ(base::Value::Type::LIST, matched_detectors->type());
-  base::Value::ListView detectors_list = matched_detectors->GetList();
-  int detectors_size = detectors_list.size();
-  ASSERT_EQ(detectors_size, expected_rule.matched_detectors_size());
-
-  for (int j = 0; j < detectors_size; ++j) {
-    base::Value* detector = &detectors_list[j];
-    ASSERT_EQ(base::Value::Type::DICTIONARY, detector->type());
-    const DlpDeepScanningVerdict::MatchedDetector& expected_detector =
-        expected_rule.matched_detectors(j);
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorId,
-                  expected_detector.detector_id());
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorName,
-                  expected_detector.display_name());
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorType,
-                  expected_detector.detector_type());
-  }
+                base::Optional<int>(rule_id));
 }
 
 void EventReportValidator::ValidateField(

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h

@@ -10,8 +10,8 @@
 
 #include "base/callback.h"
 #include "base/optional.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
-#include "components/safe_browsing/core/proto/webprotect.pb.h"
 
 namespace base {
 class Value;
@@ -47,7 +47,7 @@ class EventReportValidator {
       const std::string& expected_filename,
       const std::string& expected_sha256,
       const std::string& expected_trigger,
-      const DlpDeepScanningVerdict& expected_dlp_verdict,
+      const ContentAnalysisScanResult& expected_dlp_verdict,
       const std::set<std::string>* expected_mimetypes,
       int expected_content_size);
 
@@ -57,7 +57,7 @@ class EventReportValidator {
       const std::string& expected_sha256,
       const std::string& expected_threat_type,
       const std::string& expected_trigger,
-      const DlpDeepScanningVerdict& expected_dlp_verdict,
+      const ContentAnalysisScanResult& expected_dlp_verdict,
       const std::set<std::string>* expected_mimetypes,
       int expected_content_size);
 
@@ -76,9 +76,8 @@ class EventReportValidator {
   void ValidateReport(base::Value* report);
   void ValidateMimeType(base::Value* value);
   void ValidateDlpVerdict(base::Value* value);
-  void ValidateDlpRule(
-      base::Value* value,
-      const DlpDeepScanningVerdict::TriggeredRule& expected_rule);
+  void ValidateDlpRule(base::Value* value,
+                       const ContentAnalysisTrigger& expected_rule);
   void ValidateField(base::Value* value,
                      const std::string& field_key,
                      const base::Optional<std::string>& expected_value);
@@ -96,9 +95,8 @@ class EventReportValidator {
   std::string filename_;
   std::string sha256_;
   std::string trigger_;
-  base::Optional<DlpDeepScanningVerdict> dlp_verdict_ = base::nullopt;
+  base::Optional<ContentAnalysisScanResult> dlp_verdict_ = base::nullopt;
   base::Optional<std::string> threat_type_ = base::nullopt;
-  base::Optional<std::string> reason_ = base::nullopt;
   base::Optional<std::string> unscanned_reason_ = base::nullopt;
   base::Optional<bool> clicked_through_ = base::nullopt;
   base::Optional<int> content_size_ = base::nullopt;

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h

@@ -6,39 +6,51 @@
 #define CHROME_BROWSER_SAFE_BROWSING_CLOUD_CONTENT_SCANNING_DEEP_SCANNING_UTILS_H_
 
 #include <string>
+#include <vector>
+
 #include "base/time/time.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.h"
+#include "components/enterprise/common/proto/connectors.pb.h"
+#include "components/safe_browsing/core/proto/webprotect.pb.h"
 #include "url/gurl.h"
 
 class Profile;
 
+namespace enterprise_connectors {
+class ContentAnalysisResponse;
+}  // namespace enterprise_connectors
+
 namespace safe_browsing {
-// Helper function to examine a DeepScanningClientResponse and report the
-// appropriate events to the enterprise admin. |download_digest_sha256| must be
-// encoded using base::HexEncode.
-void MaybeReportDeepScanningVerdict(Profile* profile,
-                                    const GURL& url,
-                                    const std::string& file_name,
-                                    const std::string& download_digest_sha256,
-                                    const std::string& mime_type,
-                                    const std::string& trigger,
-                                    const int64_t content_size,
-                                    BinaryUploadService::Result result,
-                                    DeepScanningClientResponse response);
 
-// Helper function to report the user bypassed a warning to the enterprise
-// admin. This is split from MaybeReportDeepScanningVerdict since it happens
-// after getting a response. |download_digest_sha256| must be encoded using
-// base::HexEncode.
-void ReportSensitiveDataWarningBypass(Profile* profile,
-                                      const GURL& url,
-                                      const std::string& file_name,
-                                      const std::string& download_digest_sha256,
-                                      const std::string& mime_type,
-                                      const std::string& trigger,
-                                      const int64_t content_size,
-                                      const DlpDeepScanningVerdict& verdict);
+// Represents a trigger that caused a a content analysis request to report a
+// violation.  This is a structure that abstracts the old and new protobufs,
+// to diminish dependencies on them.
+struct ContentAnalysisTrigger {
+  ContentAnalysisTrigger();
+  ContentAnalysisTrigger(const ContentAnalysisTrigger& other);
+  ContentAnalysisTrigger(ContentAnalysisTrigger&& other);
+  ~ContentAnalysisTrigger();
+  ContentAnalysisTrigger& operator=(const ContentAnalysisTrigger& other);
+
+  int action;        // The action taken by chrome.
+  std::string id;    // The id of the trigger.
+  std::string name;  // A friendly name for the trigger.
+};
+
+// Represents the result of a sensitive data scan.  This is a structure that
+// abstracts the old and new protobugs, to diminish dependencies on them.
+struct ContentAnalysisScanResult {
+  ContentAnalysisScanResult();
+  ContentAnalysisScanResult(const ContentAnalysisScanResult& other);
+  ContentAnalysisScanResult(ContentAnalysisScanResult&& other);
+  ~ContentAnalysisScanResult();
+  ContentAnalysisScanResult& operator=(const ContentAnalysisScanResult& other);
+
+  std::string tag;  // The tag associated with the scan.
+  int status;       // The status of scan for the given tag.
+  std::vector<ContentAnalysisTrigger> triggers;  // Triggers, if any.
+};
 
 // Access points used to record UMA metrics and specify which code location is
 // initiating a deep scan. Any new caller of
@@ -64,6 +76,60 @@ enum class DeepScanAccessPoint {
 };
 std::string DeepScanAccessPointToString(DeepScanAccessPoint access_point);
 
+// Helper function to examine a DeepScanningClientResponse and report the
+// appropriate events to the enterprise admin. |download_digest_sha256| must be
+// encoded using base::HexEncode.
+void MaybeReportDeepScanningVerdict(Profile* profile,
+                                    const GURL& url,
+                                    const std::string& file_name,
+                                    const std::string& download_digest_sha256,
+                                    const std::string& mime_type,
+                                    const std::string& trigger,
+                                    DeepScanAccessPoint access_point,
+                                    const int64_t content_size,
+                                    BinaryUploadService::Result result,
+                                    const DeepScanningClientResponse& response);
+
+// Helper function to examine a ContentAnalysisResponse and report the
+// appropriate events to the enterprise admin. |download_digest_sha256| must be
+// encoded using base::HexEncode.
+void MaybeReportDeepScanningVerdict(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    BinaryUploadService::Result result,
+    const enterprise_connectors::ContentAnalysisResponse& response);
+
+// Helper function to report the user bypassed a warning to the enterprise
+// admin. This is split from MaybeReportDeepScanningVerdict since it happens
+// after getting a response. |download_digest_sha256| must be encoded using
+// base::HexEncode.
+void ReportAnalysisConnectorWarningBypass(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    const DlpDeepScanningVerdict& verdict);
+void ReportAnalysisConnectorWarningBypass(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    const enterprise_connectors::ContentAnalysisResponse& response);
+
 // Helper functions to record DeepScanning UMA metrics for the duration of the
 // request split by its result and bytes/sec for successful requests.
 void RecordDeepScanMetrics(DeepScanAccessPoint access_point,
@@ -94,6 +160,19 @@ std::string BinaryUploadServiceResultToString(
     const BinaryUploadService::Result& result,
     bool success);
 
+// Converts legacy DeepScanningResponse protos or an enterprise connectors
+// ContentAnalysisResponse proto to ContentAnalysisScanResult used by the
+// reporting layer.  This indirection is used during the conversion to
+// connectors and possibly could be removed once the conversion is done.
+ContentAnalysisScanResult SensitiveDataVerdictToResult(
+    const safe_browsing::DlpDeepScanningVerdict& verdict);
+ContentAnalysisScanResult ContentAnalysisResultToResult(
+    const enterprise_connectors::ContentAnalysisResponse::Result& result);
+ContentAnalysisScanResult MalwareVerdictToResult(
+    const safe_browsing::MalwareDeepScanningVerdict& verdict);
+std::vector<ContentAnalysisScanResult> ContentAnalysisResponseToResults(
+    const enterprise_connectors::ContentAnalysisResponse& response);
+
 }  // namespace safe_browsing
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_CLOUD_CONTENT_SCANNING_DEEP_SCANNING_UTILS_H_

chrome/browser/safe_browsing/download_protection/deep_scanning_request.cc

@@ -283,7 +283,8 @@ void DeepScanningRequest::OnScanComplete(BinaryUploadService::Result result,
         base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
         item_->GetMimeType(),
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        item_->GetTotalBytes(), result, response);
+        DeepScanAccessPoint::DOWNLOAD, item_->GetTotalBytes(), result,
+        response);
   }
 
   DownloadCheckResult download_result = DownloadCheckResult::UNKNOWN;

chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc

@@ -17,6 +17,7 @@
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_fcm_service.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/browser/safe_browsing/dm_token_utils.h"
 #include "chrome/browser/safe_browsing/download_protection/download_protection_service.h"
 #include "chrome/browser/safe_browsing/download_protection/download_protection_util.h"
@@ -542,7 +543,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         /*threat_type*/ "DANGEROUS",
         /*trigger*/
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
         /*mimetypes*/ ExeMimeTypes(),
         /*size*/ std::string("download contents").size());
 
@@ -579,7 +581,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         /*threat_type*/ "POTENTIALLY_UNWANTED",
         /*trigger*/
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
         /*mimetypes*/ ExeMimeTypes(),
         /*size*/ std::string("download contents").size());
 
@@ -612,7 +615,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
         /*trigger*/
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
         /*mimetypes*/ ExeMimeTypes(),
         /*size*/ std::string("download contents").size());
 
@@ -645,7 +649,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
         /*trigger*/
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
         /*mimetypes*/ ExeMimeTypes(),
         /*size*/ std::string("download contents").size());
 
@@ -680,7 +685,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
         /*trigger*/
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
         /*mimetypes*/ ExeMimeTypes(),
         /*size*/ std::string("download contents").size());
 

chrome/browser/safe_browsing/download_protection/download_reporter.cc

@@ -11,6 +11,7 @@
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
 #include "chrome/browser/profiles/profile_key.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "components/download/public/common/download_danger_type.h"
 #include "components/download/public/common/download_item.h"
@@ -85,21 +86,19 @@ void ReportDangerousDownloadWarningBypassed(
   }
 }
 
-void ReportSensitiveDataWarningBypassed(download::DownloadItem* download) {
+void ReportAnalysisConnectorWarningBypassed(download::DownloadItem* download) {
   content::BrowserContext* browser_context =
       content::DownloadItemUtils::GetBrowserContext(download);
   Profile* profile = Profile::FromBrowserContext(browser_context);
   if (profile) {
     std::string raw_digest_sha256 = download->GetHash();
-    // TODO(crbug/1069109): Use actual DlpDeepScanningVerdict that triggered the
-    // original warning here.
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
-        ->OnSensitiveDataWarningBypassed(
-            DlpDeepScanningVerdict(), download->GetURL(),
-            download->GetTargetFilePath().AsUTF8Unsafe(),
+        ->OnAnalysisConnectorWarningBypassed(
+            download->GetURL(), download->GetTargetFilePath().AsUTF8Unsafe(),
             base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
             download->GetMimeType(),
             extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            DeepScanAccessPoint::DOWNLOAD, ContentAnalysisScanResult(),
             download->GetTotalBytes());
   }
 }
@@ -167,7 +166,7 @@ void DownloadReporter::OnDownloadUpdated(download::DownloadItem* download) {
   if (old_danger_type ==
           download::DOWNLOAD_DANGER_TYPE_SENSITIVE_CONTENT_WARNING &&
       current_danger_type == download::DOWNLOAD_DANGER_TYPE_USER_VALIDATED) {
-    ReportSensitiveDataWarningBypassed(download);
+    ReportAnalysisConnectorWarningBypassed(download);
   }
 
   danger_types_[download] = current_danger_type;